The recent rise in mobile malware have made Mobile phones vulnerable to data leakage and tempering of sensitive information such as business documents, bank details, credit card information and make purchases. Malware client called Pegasus have been found that can jailbreak your smartphone, ultimately installing a client that can seize data, according to Symantec reports.
Smartphone malware infections have surged 96% from 2015 to 2016, according to the Nokia Threat Intelligence Report; and 71% of phones have no security features to defend against this data-stealing software, according to a survey by Alcatel-Lucent Motive. “Our mobile devices are small digital assistants that carry as much—if not more—very personal information as our desktop or laptop,” says personal security expert Robert Siciliano, CEO of IDTheftSecurity. “A lost, stolen or hacked phone provides an efficient way for a thief to steal your identity or drain your bank account.”
Smartphone users throughout the world have been very concerned after Edward Snowden, a former National Security Agency (NSA) contractor, leaked that NSA gathers huge amounts of information from cloud computing platforms and wireless carriers, including the numbers ordinary people called and the times they called them. Modern smartphones and the apps running on them are engineered to collect and disseminate enormous amounts of user data such as location, Web browsing histories, search terms, and contact lists.
All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode—like Short Message Service (SMS), Multimedia Messaging Service (MMS), wifi, Bluetooth and GSM, the de facto global standard for mobile communications. There are also exploits that target software vulnerabilities in the browser or operating system. And some malicious software relies on the weak knowledge of an average user.
Mobile phone security has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones. Some general security features that should be employed by users include install antivirus and firewall. The users should also continuously update their operating system, these updates typically include fixes for security issues found in the old operating system. The apps which are no longer needed should be deleted.
Next, make sure your phone automatically updates your remaining apps. On an iPhone, go into Settings, scroll to “iTunes & App Store,” and check that “Updates” is selected for Automatic Downloads. For Android, open “Settings” in the menu section of the Play Store app to verify that you have the “Auto-update apps” feature turned on. And of course, all apps containing personal data, whether it relates to banking, email, or just your Amazon account, should also be password-protected.
While it’s usually not too bad to use public Wi-Fi for web searches, Netflix and the news, avoid entering in any passwords or personal deets, like your credit card number. “If you do have to access your email or make a purchase, switch over to your cellphone’s data plan connection, which is much more private,” Michael Kaiser, executive director of the National Cyber Security Alliance says. For the same reason, turn off your Bluetooth whenever you’re not actively using it.
One way to help protect yourself is by using a virtual private network (VPN), which is software that encrypts your wireless session across a public network. Some devices (like a company-issued phone) come with a built-in VPN or can be brought from strores.“Some people use VPN for all of their wireless access, even in their home,” Kaiser says. “It’s safer than just a secure Wi-Fi network with a password.
Not locking your phone is like leaving the door wide open to hackers. So make sure your auto-lock function activates after a short period of inactivity, say one minute, and create a powerful password. “Set up both a biometric security measure, meaning a finger tap or swipe, as well as a passcode,” Kaiser says.
Smartphones have evolved rapidly in terms of privacy and security over the last few years. Companies are now incorporating security counter-measures in smartphones, from security in different layers of software to the dissemination of information to end users. Almost every smartphone today comes loaded with hardware- and software-based security features such as encryption, facial recognition, iris scanners, etc. But the methods of hacking and data theft have also become more complex than ever before.
The first layer of security in a smartphone is the operating system (OS). Beyond needing to handle the usual roles of an operating system (e.g. resource management, scheduling processes) on the device, it must also establish the protocols for introducing external applications and data without introducing risk. Above the operating system security, there is a layer of security software. This layer is composed of individual components to strengthen various vulnerabilities: prevent malware, intrusions, the identification of a user as a human, and user authentication.
Smartphones are providing end-to-end encryption on some widely-used messaging apps to delivering rapid updates of security patches . Without data encryption, anyone in possession of your phone could extract or read its contents, even if they didn’t know your passcode. Apple’s Tim Cook explains it the best: “On your smartphone today, there’s likely health information, there’s financial information. There are intimate conversations with your family, or your co-workers. There’s probably business secrets, and you should have the ability to protect it. And the only way we know how to do that is to encrypt it.”
The reason an iPhone is secure from criminals is because of full device encryption, also full disk encryption. Not only is all of the data encrypted, it is done in a way that is combined or entangled with the hardware. Thus, the encrypted data cannot be cloned , then crack it offline using supercomputers to “brute-force” guess all possible combinations of the passcode.
The ability to block apps serves two purposes. Most importantly, it lets you prevent apps that don’t necessarily need web access to function correctly from sneakily “phoning home” with your data. Secondly, it can reduce you data usage and prevent unexpectedly high bills. Phone X lets you restrict apps individually
Phone X became the first device whose facial recognition software was secure enough to be used for authorizing mobile payments as well as for locking your screen. Apple claims Face ID is more secure than Touch ID: “The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID).”
The presence of a password-protected folder is another line of defense . It prevents someone who knows your PIN code accessing your phone and stealing its most sensitive contents. The folder lets you keep any files, photos, videos, or documents in a secure location on your device. You can move content in and out with ease. As a further benefit, the Galaxy’s secure folder also lets you hide it from the Apps and Home screen. It means a casual observer won’t even know it exists.
Do you use your device for both business and pleasure? Most people do. If you’re one of them, the ability to run multiple sandboxed user profiles is important. It’s also useful if you’d like to keep one section of your phone for work-related things and one for personal things. All user accounts run in their own sandbox, so data can never leak between them.
Automatic data wipe
We’re sure lots of you have lost a phone at some point in your lives. Given how much data is on your device, that’s a massive problem. A way to make your phone delete all its data if the PIN code is entered incorrectly too many times will protect you against brute force attacks.
Native password manager
Samsung Galaxy S10 Series, Note9 and S9 Achieve Security Technical Implementation Approval
Samsung Electronics America, Inc. announces that its flagship products continue to obtain federal certification with the recent approval of the Samsung Galaxy S10 series, Note9 and Galaxy S9 join the Galaxy S8/S8+ and Note8 in the receiving Security Technical Implementation Guide (STIG) approval necessary for deployment within the Department of Defense (DoD). With the full S10 series approved, including the S10 5G, this marks the first 5G device to receive STIG approval for the federal government that will allow the federal workforce to take advantage of 5G-enabled environments.
Additionally, STIG approval ensures the maximum protection for sensitive military data and improves the security of DoD information systems. In addition to the Galaxy S9 and S10 series, Samsung’s defense-grade security solution, Samsung Knox meets STIG requirements when the appropriate APIs are applied to lock down the device.
To achieve this approval, Samsung worked in lock step with standards bodies to ensure that its devices meet the needs of the National Information Assurance Partnership (NIAP), through the Common Criteria for Information Technology Security Evaluation as set by the Defense Information Security Agency (DISA).
Furthermore, all of Samsung’s flagship devices are designed to meet the standards required by stringent certifications such as Common Criteria and Federal Information Processing Standard (FIPS) Cryptographic programs implemented by NIAP.
Rostec Launches Sales of Russia’s Cryptophone Immune to Hacking, Wiretapping
Sales of a mobile phone with crypto-protection technology Kruiz-K, which is immune to hacking and wiretapping, have started in Russia. In May 2018 Avtomatika’s press secretary Vitaly Strugovets announced that Avtomatica has created the first Russia’s cryptophone, which will be available to security forces and businesspeople who want protection against eavesdroppers.
Rostec said that the operating system of the phone had been designed by Avtomatika. The real-time system was significantly stripped down for information security reasons. Kruiz-K technology has been certified by the Russian Federal Security Service as compliant with all requirements for the gadgets that transmit confidential information.
It was said that the device supported two regimes for phone conversations: an encrypted one and the one where communications are not protected. Fyodor Volkov, an engineer from Avtomatika, explained that the owner of such a telephone could be “completely assured” of the privacy of their calls as long as the person on the other end of the line had a similar IP phone.
Launched in March this year by DarkMatter, Katim phone is the world’s most secure smartphone. It runs a heavily customized version of Android. At every boot instance, the device checks the complete software stack to detect modifications. It aborts the boot up if the validation fails. It constantly monitors the phone and data. If it detects a malware or security attack trying to bypass its security mechanisms, it cleans up the entire phone.
The Katim phone also gets Shield Mode for better security. DarkMatter has added the Katim Email app to its Secure Communications Application Suite that allows 256-bit end-to-end encryption. DarkMatter claims Katim allows you to communicate with confidence that your data and voice calls are “uncompromised.”
Google Pixel 3
The Pixel 3 and Pixel 3 XL are the latest smartphones from Google. They have some of the world’s best smartphone cameras and a powerful Snapdragon 845 chipset. What makes Pixel 3 one of the most secure smartphones is that it runs the stock version of Android Pie. If a security vulnerability is spotted in the Android software, Pixel phones are among the first to receive security patches. Google rolls out timely security patches to keep you protected against any known exploits.
iPhone XS and XS Max
Apple’s newest and most expensive iPhones are the most powerful smartphones available to consumers, even though they have just 4GB RAM. The A12 Bionic chip used in the iPhone XS has built-in security features to prevent attacks. The iOS 12 has also stepped up the security game. The fact that Apple controls both software and hardware of iPhones allows it to roll out software updates quickly. Apple has always supported user privacy, even when it was dragged to court by the FBI.
A company named KryptAll has designed a special version of the iPhone, K iPhone exclusively for security. It has changed the firmware and added its own VoIP applications to ensure that all phone calls are fully encrypted. Even KryptAll and law enforcement agencies can’t decrypt your conversations. However, this device is particularly expensive at $4,500.
When BlackBerry launched the DTEK60, the company claimed it was the “most secure Android smartphone” in the world. The DTEK has a decent camera, fingerprint sensor, and built-in BlackBerry Security. It has a Password Keeper to securely store all your passwords. It encrypts your data to protect against malware, hacking, and any attempts to tamper with your phone. The phone uses an extremely secure boot sequence process. Another BlackBerry Key2 provides real-time threat monitoring to provide proactive security.
The DTEK software protects users from malware and other security problems often seen on Android smartphones. The DTEK app lets users quickly get an overview of their device’s security and take action on any potential issues. It comes with features such as periodic application tracking, which automatically monitors the OS and apps. The feature also lets you know when your privacy could be at risk and what actions you can take to strengthen it. BlackBerry says that it has modified Android with its own technology originally developed for the BB10 platform to make it more secure. The company is also committing to rapid updates to deliver security patches shortly after they are released.
Boeing Black is the result of a collaboration between aerospace and defence giant Boeing and smartphone maker BlackBerry. Capable of encrypting calls, this Android-based smartphone is aimed at government agencies and other types of businesses where data security is crucial.
According to General Lynn, the device uses “a large amount of encryption” and “nothing lives on the device.” It is much like a virtual desktop. That means that the Boeing Black acts like a dumb terminal once it connects to a secure server where all the work is done and the only thing the user controls are input signals (keyboard, mouse) to the server. Even if the Black is stolen or lost, the device has no secrets to give up.
Boeing says it gives users secure remote access to both classified and unclassified information on government networks using dual SIM cards. The dual-sim arrangement would allow the user to have access to the internet for non-secure use and prohibit internet access to the secure government networks like the super-secret Joint Worldwide Intelligence Communications System (JWICS). The only way for the user to reach JWICS is through a secure connection.
Boeing Black runs on what Boeing calls “an enhanced” Android operating system, designed with security in mind from the outset.The smartphone comes with a self-destruct feature. This ensures that any attempt to break open the casing of the device triggers the auto-deletion of the data and software on it, thus rendering it inoperable.
The Turing Phone is made of Liquidmorphium, an alloy of copper, aluminum, nickel, silver, and zirconium. Its makers claim the Turing Phone is unbreakable. It promises ‘total protection’ from hackers, malware, and data theft. It uses a hardware chip called Turing Imitation Key to authenticate encryption locally instead of relying on a remote server. The phone runs SailfishOS and offers end-to-end encryption. The Turing Phone features a 2.5GHz Krait processor, a 3,000mAh battery, and a 5.5-inch display.
The $72 million venture startup Sirin Labs has launched the Solarin, a luxury smartphone with a design emphasis on “military-grade” security. In terms of security, the Solarin comes with mobile threat protection courtesy of Zimperium, which looks to stop an array of device, network and application-based mobile cyberattacks. The device comes with a Security Shield mode which creates an isolated zone for encrypted calls and messages. For emails, it has got ProtonMail.
The phone was made by Israel-based Sirin Labs with the help of Leonardo DiCaprio. Sirin Labs claims it offers “the most advanced privacy technology, currently unavailable outside the agency world.” Sirin partnered with KoolSpan, a company that specialises in mobile voice and messaging security, to build in chip-to-chip 256-bit AES encryption – supposedly the same technology that militaries around the world use to protect communications. There’s also a physical “Security Switch” that puts the phone into a “shielded mode” for making secure phone calls.
Aside from its privacy features, the Solarin seems to be a pretty standard, mostly high-end smartphone. It has a 5.5-inch 2K display, a Snapdragon 810 processor, and a 23.8-megapixel camera with laser-assisted autofocus.
Silent Circle has launched its next-generation smartphone Blackphone 2 that offers all the capabilities of a modern smartphone as well as provide high security features ensuring individuals and businesses to make and receive secure and encrypted phone calls, video conferencing, secure text and file transfers and browse the internet securely.
At a price of $799, it adds an Octa-core Qualcomm processor, 3GB RAM, 32GB of internal storage plus a removable Micro SD card slot, a larger 5.5″ Gorilla Glass display and a 13-megapixel camera. The new privacy-oriented Blackphone 2 comes with an updated version of the firm’s PrivatOS Android-based OS, which now bears the version number 1.1. Blackphone 2 is ready for enterprise deployment, with support for Google’s Android For Work program and seamless integration with Google’s suite of applications. It is also certified with existing MDM systems, including MobileIron, Citrix, Good and SOTI.
Silent Circle’s enterprise privacy platform, a unique combination of devices, software and services, based upon and built from a fundamentally different mobile architecture – ZRTP.
“The launch of Blackphone 2 is a game changer for the mobile sector and for the way we provide individual and enterprise privacy, “said Bill Conner, President and CEO of Silent Circle. “Blackphone 2 combines an enhanced Android operating system with a suite of apps designed to keep your enterprise and personal information separate and private. We’re proud to deliver a safe and sexy device with a seamless user experience”
Blackphone 2 has a unique, in-built Security Center that enables the user to easily manage their privacy and security settings in one place. The user can control and fine-tune the individual app permissions and the data the apps have access to, while ensuring they need not compromise on the device’s cutting edge smartphone functionality. The Blackphone 2 also comes with a remote wipe setting should the phone be lost or stolen.
The Blackphone is powered by a secure version of Android, PrivatOS. It protects communications at the highest level — in software by encrypting (VoIP) communication, sending them through the company’s servers and decrypted on the other phone. The keys are stored only at endpoints thus preventing the carriers including company’s own servers from decrypting the content of a call. It also provides additional security through encrypted filesystem.
PrivatOS 1.1 is the first major upgrade to the company’s OS. It introduces Spaces, an OS-level virtualization and management solution that enable devices to be used for all aspects of mobile life without compromising choice, privacy or ease-of-use. Through “Spaces” function, Blackphone 2 provides users with the ability to build separate, secure environments for their critical business data, personal information and even social applications within the same device.
- Silent Suite: Silent Suite is the Silent Circle’s core set of applications that enable private, encrypted communication. It offers peer-to-peer key negotiation and management. Silent Suite sets the standard for enterprise privacy and is available on PrivatOS, iOS and Android. It includes:
- Silent Phone: Allowing users to make private voice and video calls in HD clarity over a peer to-peer encrypted VoIP service.
- Silent Text: An unlimited encrypted texts services with the capability to transfer files. Includes burn functionality to destroy selected messages automatically
- Silent Contacts: An automatically encrypting address book
- Silent Meeting: A new, secure conference calling system allowing for multiple participants. Silent Circle say the system means no more access codes to remember and never again ask “Who’s just joined?” thanks to a visual interface that makes scheduling, inviting and monitoring attendees simple.
However Blackphone isn’t a completely secure communications device. It does not provide any protection over the standard GSM/WCDMA radio, protection against vulnerabilities in the Android subsystem, in the application processor (SoC), or in the baseband itself.
The first generation Blackphone was launched at Mobile Congress 2014, however the earlier version of Blackphone got hacked soon after launch, while Silent Circle was quick to patch up one vulnerability. Researcher Justin Case tweeted at the DefCon security conference about discovering a set of vulnerabilities in the Blackphone, which helped him enable the Android Debug Bridge (ADB) and get root access to the device without unlocking the Android bootloader. It did not provide any protection against vulnerabilities in the Android subsystem, and is potentially subject to zero-day vulnerabilities, which seem to have been exploited in the said hack.
“Nothing is hack-proof,” admits Daniel Ford, chief security officer. However, he says his company can help guard against certain types of attacks. “Targeted attacks are completely different than mass surveillance,” he said.” There’s little Blackphone or anyone can do against the former, But when it comes to broader mass surveillance, Ford said Blackphone can step in and offer more protection. ”
References and Resources also include: